acl_check(3) — Linux manual page


ACL_CHECK(3)             Library Functions Manual           ACL_CHECK(3)

NAME         top

       acl_check — check an ACL for validity

LIBRARY         top

       Linux Access Control Lists library (libacl, -lacl).

SYNOPSIS         top

       <sys/types.h> <acl/libacl.h> int acl_check(acl_t acl, int *last)

DESCRIPTION         top

       The acl_check() function checks the ACL referred to by the
       argument acl for validity.

       The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and
       ACL_OTHER must exist exactly once in the ACL. If the ACL contains
       any ACL_USER or ACL_GROUP entries, then an ACL_MASK entry is also
       required. The ACL may contain at most one ACL_MASK entry.

       The user identifiers must be unique among all entries of type
       ACL_USER.  The group identifiers must be unique among all entries
       of type ACL_GROUP.

       If the ACL referred to by acl is invalid, acl_check() returns a
       positive error code that indicates which type of error was
       detected.  The following symbolic error codes are defined:

       ACL_MULTI_ERROR       The ACL contains multiple entries that have
                             a tag type that may occur at most once.

       ACL_DUPLICATE_ERROR   The ACL contains multiple ACL_USER entries
                             with the same user ID, or multiple
                             ACL_GROUP entries with the same group ID.

       ACL_MISS_ERROR        A required entry is missing.

       ACL_ENTRY_ERROR       The ACL contains an invalid entry tag type.

       The acl_error() function can be used to translate error codes to
       text messages.

       In addition, if the pointer last is not NULL, acl_check() assigns
       the number of the ACL entry at which the error was detected to
       the value pointed to by last.  Entries are numbered starting with
       zero, in the order in which they would be returned by the
       acl_get_entry() function.

RETURN VALUE         top

       If successful, the acl_check() function returns 0 if the ACL
       referred to by acl is valid, and a positive error code if the ACL
       is invalid. Otherwise, a value of -1 is returned and the global
       variable errno is set to indicate the error.

ERRORS         top

       If any of the following conditions occur, the acl_check()
       function returns -1 and sets errno to the corresponding value:

       [EINVAL]           The argument acl is not a valid pointer to an

STANDARDS         top

       This is a non-portable, Linux specific extension to the ACL
       manipulation functions defined in IEEE Std 1003.1e draft 17
       (“POSIX.1e”, abandoned).

SEE ALSO         top

       acl_valid(3), acl(5)

AUTHOR         top

       Written by Andreas Gruenbacher <>.

COLOPHON         top

       This page is part of the acl (manipulating access control lists)
       project.  Information about the project can be found at  If you have a bug
       report for this manual page, see
       ⟨⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨git://⟩ on 2023-12-22.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2023-12-01.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

Linux ACL                    March 23, 2002                 ACL_CHECK(3)